umbracocms is vulnerable to account takeover. The use of ApplicationUrl in ConstructCallbackUrl to build a URL pointing back to the site allows an attacker to poison password reset URLs and perform account takeover.
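
The pattern behind this advisory, as an added C# example that is not Umbraco's own code: a reset link built from a request-derived host next to one built from a configured, validated base URL, plus a host check usable for logging. The class and method names, the `/reset` path and all sample values are hypothetical, and it is an assumption that the poisoned value reaches ApplicationUrl from the incoming request's host, since the advisory does not say where the value comes from.

```csharp
using System;

// Hypothetical helper for illustration; not Umbraco's ConstructCallbackUrl.
public static class ResetLinkBuilder
{
    // Risky pattern: the link's origin is whatever host the request claimed.
    public static Uri FromRequestHost(string scheme, string requestHost, string token)
    {
        return new Uri($"{scheme}://{requestHost}/reset?token={Uri.EscapeDataString(token)}");
    }

    // Hardened pattern: the origin comes only from configuration and is validated.
    public static Uri FromConfiguredBase(string configuredBaseUrl, string token)
    {
        if (!Uri.TryCreate(configuredBaseUrl, UriKind.Absolute, out var baseUri)
            || baseUri.Scheme != Uri.UriSchemeHttps
            || !string.IsNullOrEmpty(baseUri.UserInfo))
        {
            throw new InvalidOperationException(
                "Configured site URL must be an absolute https URL without credentials.");
        }

        // Only scheme, host and port are taken from configuration; the path is fixed.
        var builder = new UriBuilder(baseUri.Scheme, baseUri.Host, baseUri.Port, "/reset")
        {
            Query = "token=" + Uri.EscapeDataString(token)
        };
        return builder.Uri;
    }

    // Detection aid: true when the request host equals the configured authority.
    // A mismatch on a password-reset request is worth logging and rejecting.
    public static bool HostMatches(string configuredBaseUrl, string requestHost)
    {
        return Uri.TryCreate(configuredBaseUrl, UriKind.Absolute, out var baseUri)
            && string.Equals(baseUri.Authority, requestHost, StringComparison.OrdinalIgnoreCase);
    }

    public static void Main()
    {
        const string token = "CONSTRUCTED-TOKEN";               // constructed sample value
        const string configured = "https://cms.example.org";    // assumed site setting
        const string requestHost = "unexpected.example";        // constructed request host

        Console.WriteLine(FromRequestHost("https", requestHost, token));
        Console.WriteLine(FromConfiguredBase(configured, token));
        Console.WriteLine(HostMatches(configured, requestHost));
    }
}
```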

| CPE | Name | Operator | Version |
|---|---|---|---|
| | umbracocms | le | 8.17.1 |
| | umbracocms.core | le | 8.17.1 |